May 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-970) Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-970?page=com.atlassian.jira.plugin.sy... ] Jan Kalina closed ELY-970. -------------------------- Fix Version/s: 1.1.0.Beta48 Resolution: Cannot Reproduce Bug Unable to reproduce nor by original reporter - closing. > Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used > ----------------------------------------------------------------------------------------------------------------------- > > Key: ELY-970 > URL: https://issues.jboss.org/browse/ELY-970 > Project: WildFly Elytron > Issue Type: Bug > Components: Realms > Affects Versions: 1.1.0.Beta25 > Reporter: Ondrej Lukas > Assignee: Jan Kalina > Priority: Critical > Fix For: 1.1.0.Beta48 > > > In case when Ldap Realm is set to use direct verification and referenced DirContext uses referral mode follow, then roles for referral user are searched before actual user password is validated. In this case following flow is used: > # searching for username > # searching for roles (i.e. searching for attributes) > # validating password for username > It means even if wrong password is used then roles in LDAP are searched. Password should be validated before some roles are searched. Current behavior can result to performance issues. > This is the same issue as ELY-760 but only for case when direct verification and referral mode follow are used and user from referral tries to authenticate. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-970) Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-970?page=com.atlassian.jira.plugin.sy... ] Jan Kalina reassigned ELY-970: ------------------------------ Assignee: Jan Kalina (was: Darran Lofthouse) > Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used > ----------------------------------------------------------------------------------------------------------------------- > > Key: ELY-970 > URL: https://issues.jboss.org/browse/ELY-970 > Project: WildFly Elytron > Issue Type: Bug > Components: Realms > Affects Versions: 1.1.0.Beta25 > Reporter: Ondrej Lukas > Assignee: Jan Kalina > Priority: Critical > > In case when Ldap Realm is set to use direct verification and referenced DirContext uses referral mode follow, then roles for referral user are searched before actual user password is validated. In this case following flow is used: > # searching for username > # searching for roles (i.e. searching for attributes) > # validating password for username > It means even if wrong password is used then roles in LDAP are searched. Password should be validated before some roles are searched. Current behavior can result to performance issues. > This is the same issue as ELY-760 but only for case when direct verification and referral mode follow are used and user from referral tries to authenticate. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 10 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1590) The behavior of rule flow is different in drools 6.4.0 Final and 6.5.0 Final